Download New Updated (July) Cisco 400-101 Actual Test 171-180


 

QUESTION 171

Which authentication method does OSPFv3 use to secure communication between neighbors?

 

A. plaintext

B. MD5 HMAC

C. PKI

D. IPSec

 

Correct Answer: D

Explanation:

In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6.

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html

 

 

 

 

 

QUESTION 172

Refer to the exhibit. Why is the prefix 1.1.1.1/32 not present in the routing table of R1?

 


 

A. There is a duplicate router ID.

B. There is a subnet mask mismatch on Ethernet0/0.

C. The router LSA has an invalid checksum.

D. There is an OSPF network type mismatch that causes the advertising router to be unreachable.

 

Correct Answer: D

Explanation:

A common problem when using Open Shortest Path First (OSPF) is that routes in the database don’t appear in the routing table. In most cases OSPF finds a discrepancy in the database, so it doesn’t install the route in the routing table. Often, you can see the “Adv Router is not-reachable” message (which means that the router advertising the LSA is not reachable through OSPF) at the top of the link-state advertisement (LSA) in the database when this problem occurs. Here is an example:

    Adv Router is not-reachable
    LS age: 418
    Options: (No TOS-capability, DC)
    LS Type: Router Links
    Link State ID: 172.16.32.2
    Advertising Router: 172.16.32.2
    LS Seq Number: 80000002
    Checksum: 0xFA63
    Length: 60
    Number of Links: 3

There are several reasons for this problem, most of which deal with misconfiguration or a broken topology. When the configuration is corrected, the OSPF database discrepancy goes away and the routes appear in the routing table.

Reason 1: Network Type Mismatch

Let’s use the following network diagram as an example:

R4-4K:

    interface Loopback0
     ip address 172.16.33.1 255.255.255.255

    interface Serial2
     ip address 172.16.32.1 255.255.255.0
     ip ospf network broadcast

    router ospf 20
     network 172.16.0.0 0.0.255.255 area 0

R1-7010:

    interface Loopback0
     ip address 172.16.30.1 255.255.255.255
    !
    interface Serial1/0
     ip address 172.16.32.2 255.255.255.0
     clockrate 64000

    router ospf 20
     network 172.16.0.0 0.0.255.255 area 0

    R4-4K(4)# show ip ospf interface serial 2
    Serial2 is up, line protocol is up
      Internet Address 172.16.32.1/24, Area 0
      Process ID 20, Router ID 172.16.33.1, Network Type BROADCAST, Cost: 64
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 172.16.33.1, Interface address 172.16.32.1
      Backup Designated router (ID) 172.16.32.2, Interface address 172.16.32.2
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        Hello due in 00:00:08
      Neighbor Count is 1, Adjacent neighbor count is 1
        Adjacent with neighbor 172.16.32.2 (Backup Designated Router)
      Suppress hello for 0 neighbor(s)

    R1-7010(5)# show ip ospf interface serial 1/0
    Serial1/0 is up, line protocol is up
      Internet Address 172.16.32.2/24, Area 0
      Process ID 20, Router ID 172.16.32.2, Network Type POINT_TO_POINT, Cost: 64
      Transmit Delay is 1 sec, State POINT_TO_POINT,
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        Hello due in 00:00:02
      Neighbor Count is 1, Adjacent neighbor count is 1
        Adjacent with neighbor 172.16.33.1
      Suppress hello for 0 neighbor(s)


As you can see above, Router R4-4K is configured for broadcast, and Router R1-7010 is configured for point-to-point. This kind of network type mismatch makes the advertising router unreachable.

    R4-4K(4)# show ip ospf database router 172.16.32.2

    Adv Router is not-reachable
    LS age: 418
    Options: (No TOS-capability, DC)
    LS Type: Router Links
    Link State ID: 172.16.32.2
    Advertising Router: 172.16.32.2
    LS Seq Number: 80000002
    Checksum: 0xFA63
    Length: 60
    Number of Links: 3

      Link connected to: another Router (point-to-point)
       (Link ID) Neighboring Router ID: 172.16.33.1
       (Link Data) Router Interface address: 172.16.32.2
        Number of TOS metrics: 0
         TOS 0 Metrics: 64

      Link connected to: a Stub Network
       (Link ID) Network/subnet number: 172.16.32.0
       (Link Data) Network Mask: 255.255.255.0
        Number of TOS metrics: 0
         TOS 0 Metrics: 64

    R1-7010(5)# show ip ospf database router 172.16.33.1

    Adv Router is not-reachable
    LS age: 357
    Options: (No TOS-capability, DC)
    LS Type: Router Links
    Link State ID: 172.16.33.1
    Advertising Router: 172.16.33.1
    LS Seq Number: 8000000A
    Checksum: 0xD4AA
    Length: 48
    Number of Links: 2

      Link connected to: a Transit Network
       (Link ID) Designated Router address: 172.16.32.1
       (Link Data) Router Interface address: 172.16.32.1
        Number of TOS metrics: 0
         TOS 0 Metrics: 64

 

You can see that for subnet 172.16.32.0/24, Router R1-7010 is generating a point-to-point link and Router R4-4K is generating a transit link. This creates a discrepancy in the link-state database, which means no routes are installed in the routing table.

 

    R1-7010(5)# show ip route
    172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
    C 172.16.32.0/24 is directly connected, Serial1/0
    C 172.16.30.1/32 is directly connected, Loopback0

 

Solution

To solve this problem, configure both routers for the same network type. You can either change the network type of Router R1-7010 to broadcast, or change Router R4-4K’s serial interface to point-to-point.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7112-26.html
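The comparison walked through above, as an added Python example (not part of the original explanation or of Cisco's documentation): it parses the two "show ip ospf interface" outputs quoted earlier and lists the settings that differ between the two ends of the link. The function and field names are this example's own.

```python
import ipaddress
import re

# Trimmed from the two "show ip ospf interface" outputs quoted on this page.
R4_4K = """\
Serial2 is up, line protocol is up
  Internet Address 172.16.32.1/24, Area 0
  Process ID 20, Router ID 172.16.33.1, Network Type BROADCAST, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""
R1_7010 = """\
Serial1/0 is up, line protocol is up
  Internet Address 172.16.32.2/24, Area 0
  Process ID 20, Router ID 172.16.32.2, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

FIELDS = {
    "address": r"Internet Address (\S+?),",
    "area": r"Area (\S+)",
    "router_id": r"Router ID (\S+?),",
    "network_type": r"Network Type (\w+)",
    "hello": r"Hello (\d+)",
    "dead": r"Dead (\d+)",
}

def parse_ospf_interface(text):
    """Extract the fields that must agree between two OSPF neighbors."""
    info = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"field {name!r} not found in output")
        info[name] = m.group(1)
    info["subnet"] = ipaddress.ip_interface(info["address"]).network
    return info

def compare_neighbors(a, b):
    """Return a list of findings for the two ends of one link."""
    findings = []
    if a["router_id"] == b["router_id"]:
        findings.append("duplicate router ID")
    if a["subnet"] != b["subnet"]:
        findings.append(f"subnet/mask mismatch: {a['subnet']} vs {b['subnet']}")
    for key in ("area", "hello", "dead", "network_type"):
        if a[key] != b[key]:
            findings.append(f"{key} mismatch: {a[key]} vs {b[key]}")
    return findings
```

Both ends report Hello 10 / Dead 40 and one adjacent neighbor, so the adjacency itself looks healthy; the network type comparison is the only check that fires on these outputs.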

 

 

QUESTION 173

Which three statements are true about OSPFv3? (Choose three.)

 

A. The only method to enable OSPFv3 on an interface is via the interface configuration mode.

B. Multiple instances of OSPFv3 can be enabled on a single link.

C. There are two methods to enable OSPFv3 on an interface, either via the interface configuration mode or via the router configuration mode.

D. For OSPFv3 to function, IPv6 unicast routing must be enabled.

E. For OSPFv3 to function, IPv6 must be enabled on the interface.

F. Only one instance of OSPFv3 can be enabled on a single link.

 

Correct Answer: BDE

Explanation:

Here is a list of the differences between OSPFv2 and OSPFv3:

 

Following is a simple example of OSPFv3 configuration on a Cisco IOS 12.4T router.

 

    ipv6 unicast-routing
    ipv6 cef
    !
    interface GigabitEthernet 0/0
     description Area 0.0.0.0 backbone interface
     ipv6 address 2001:DB8:100:1::1/64
     ipv6 ospf network broadcast
     ipv6 ospf 100 area 0.0.0.0

 

Reference: http://www.networkworld.com/article/2225270/cisco-subnet/ospfv3-for-ipv4-and-ipv6.html

 

 

QUESTION 174

Which statement about OSPF multiaccess segments is true?

 

A. The designated router is elected first.

B. The designated and backup designated routers are elected at the same time.

C. The router that sent the first hello message is elected first.

D. The backup designated router is elected first.

 

Correct Answer: D

Explanation:

According to the RFC, the BDR is actually elected first, followed by the DR. The RFC explains why:

“The reason behind the election algorithm’s complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities. The above procedure may elect the same router to be both Designated Router and Backup Designated Router, although that router will never be the calculating router (Router X) itself.”

Reference: http://www.ietf.org/rfc/rfc2328.txt?Page76

 

 

QUESTION 175

What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 authentication?

 

A. classic router mode, interface XX, authentication mode hmac-sha-256 <password>

B. named router mode, address-family statement, authentication mode hmac-sha-256 <password>

C. named router mode, address-family statement, af-interface default, authentication mode hmac-sha-256 <password>

D. named router mode, address-family statement, authentication mode hmac-sha-256 <password>

 

Correct Answer: C

Explanation:

The example below shows how to configure EIGRP HMAC-SHA2 on a Cisco router:

    Device(config)# router eigrp name1
    Device(config-router)# address-family ipv4 autonomous-system 45000
    Device(config-router-af)# af-interface ethernet 0/0
    Device(config-router-af-interface)# authentication mode hmac-sha-256 0 password1
    Device(config-router-af-interface)# end

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-15-sy-book/ire-sha-256.html
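An added Python example (not from the exam material or Cisco's documentation) tying together the OSPFv3 IPsec requirement from Question 171 and the af-interface authentication from Question 175: it audits a configuration for interfaces that run either protocol without authentication. The sample configuration is constructed; the auditor assumes per-interface OSPFv3 commands in the "ipv6 ospf ... ipsec" form (Cisco IOS commands not quoted on this page) and a single EIGRP address family.

```python
import re

# Constructed sample config; the IPsec key is a placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ipv6 ospf 100 area 0.0.0.0
interface GigabitEthernet0/1
 ipv6 ospf 100 area 0.0.0.0
 ipv6 ospf authentication ipsec spi 500 sha1 <KEY-PLACEHOLDER>
router eigrp name1
 address-family ipv4 autonomous-system 45000
  af-interface Ethernet0/0
   authentication mode hmac-sha-256 0 password1
  exit-af-interface
  af-interface Ethernet0/1
  exit-af-interface
"""
OSPF_ON = r"ipv6 ospf \d+ area "
OSPF_SEC = r"ipv6 ospf (authentication|encryption) ipsec "  # assumed IOS forms
EIGRP_SHA = r"authentication mode hmac-sha-256 "

def stanzas(config):
    """Map (kind, name) -> stripped lines of each interface/af-interface stanza."""
    out, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"(interface|af-interface) (.+)", raw.strip())
        if m:
            current = out.setdefault((m.group(1), m.group(2).lower()), [])
        elif raw.strip() == "exit-af-interface" or not raw.startswith(" "):
            current = None
        elif current is not None:
            current.append(raw.strip())
    return out

def first(pattern, body):  # first line-start match in body, or None
    return next((m for m in (re.match(pattern, l) for l in body) if m), None)

def audit(config):
    """Return (interface, finding) pairs for routing interfaces lacking auth."""
    found, parsed = [], stanzas(config)
    # 'af-interface default' settings are inherited by every EIGRP interface.
    inherited = first(EIGRP_SHA, parsed.get(("af-interface", "default"), []))
    for (kind, name), body in parsed.items():
        if kind == "interface":
            if first(OSPF_ON, body) and not first(OSPF_SEC, body):
                found.append((name, "OSPFv3 without IPsec"))
        elif not (first(EIGRP_SHA, body) or inherited):
            found.append((name, "EIGRP without HMAC-SHA-256"))
    return found
```

Area-wide OSPFv3 authentication configured under the routing process is not modeled, so an interface protected that way would still be reported.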

 

 

QUESTION 176

Refer to the exhibit. How many EIGRP routes will appear in the routing table of R2?

 


A. 0

B. 1

C. 2

D. 3

 

Correct Answer: A

Explanation:

EIGRPv6 on R2 was shut down, so there are no EIGRP routes in the routing table of R2. If we turn on EIGRPv6 on R2 (with the “no shutdown” command), then we would see the prefix of the loopback interface of R1 in the routing table of R2.

 


 

Note. EIGRPv6 requires the “ipv6 unicast-routing” global command to be turned on first or it will not work.

 

 

QUESTION 177

Which two configuration changes should be made on the OTP interface of an EIGRP OTP route reflector? (Choose two.)

 

A. passive-interface

B. no split-horizon

C. no next-hop-self

D. hello-interval 60, hold-time 180

 

Correct Answer: BC

Explanation:

The EIGRP Over the Top feature enables a single end-to-end Enhanced Interior Gateway Routing Protocol (EIGRP) routing domain that is transparent to the underlying public or private WAN transport that is used for connecting disparate EIGRP customer sites. When an enterprise extends its connectivity across multiple sites through a private or a public WAN connection, the service provider mandates that the enterprise use an additional routing protocol, typically the Border Gateway Protocol (BGP), over the WAN links to ensure end-to-end routing. The use of an additional protocol causes additional complexities for the enterprise, such as additional routing processes and sustained interaction between EIGRP and the routing protocol to ensure connectivity, for the enterprise. With the EIGRP Over the Top feature, routing is consolidated into a single protocol (EIGRP) across the WAN.

 

Perform this task to configure a customer edge (CE) device in a network to function as an EIGRP Route Reflector:

 

1. enable

2. configure terminal

3. router eigrp virtual-name

4. address-family ipv4 unicast autonomous-system as-number

5. af-interface interface-type interface-number

6. no next-hop-self

7. no split-horizon

8. exit

9. remote-neighbors source interface-type interface-number unicast-listen lisp-encap

10. network ip-address

11. end

 

Note. Use no next-hop-self to instruct EIGRP to use the received next hop and not the local outbound interface address as the next hop to be advertised to neighboring devices. If no next-hop-self is not configured, the data traffic will flow through the EIGRP Route Reflector.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html

 

 

QUESTION 178

Which statement about the function of poison reverse in EIGRP is true?

 

A. It tells peers to remove paths that previously might have pointed to this router.

B. It tells peers to remove paths to save memory and bandwidth.

C. It provides reverse path information for multicast routing.

D. It tells peers that a prefix is no longer reachable.

 

Correct Answer: A

Explanation:

Poison Reverse in EIGRP states: “Once you learn of a route through an interface, advertise it as unreachable back through that same interface”. For more information, see:

http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#splithorizon

 

 

QUESTION 179

What is the preferred method to improve neighbor loss detection in EIGRP?

 

A. EIGRP natively detects neighbor down immediately, and no additional feature or configuration is required.

B. BFD should be used on interfaces that support it for rapid neighbor loss detection.

C. Fast hellos (subsecond) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.

D. Fast hellos (one-second hellos) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.

 

Correct Answer: B

Explanation:

Bi-directional Forwarding Detection (BFD) provides rapid failure detection times between forwarding engines, while maintaining low overhead. It also provides a single, standardized method of link/device/protocol failure detection at any protocol layer and over any media.

Reference: “Bidirectional Forwarding Detection for EIGRP”

http://www.cisco.com/en/US/technologies/tk648/tk365/tk207/technologies_white_paper0900aecd80243fe7.html

 

 

QUESTION 180

How does EIGRP derive the metric for manual summary routes?

 

A. It uses the best composite metric of any component route in the topology table.

B. It uses the worst composite metric of any component route in the topology table.

C. It uses the best metric vectors of all component routes in the topology table.

D. It uses the worst metric vectors of all component routes in the topology table.

 

Correct Answer: A

Explanation:

For example, suppose your router has a routing table like this:

    D 192.168.8.0/24 [90/2632528] via 192.168.0.1, 00:00:12, Serial0/0
    D 192.168.9.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
    D 192.168.10.0/24 [90/2195456] via 192.168.0.1, 00:00:12, Serial0/0
    D 192.168.11.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0

Now suppose you want to manually summarize all the routes above. You can use this command (on the router that advertised these routes to our router):

Router(config-if)#ip summary-address eigrp 1 192.168.8.0 255.255.248.0

After that the routing table of your router will look like this:

D 192.168.8.0/21 [90/2195456] via 192.168.0.1, 00:01:42, Serial0/0

And we can see the manual summary route takes the smallest metric of the specific routes.

 
